Is there a way to allow non-admin users access http://localhost:4502/.cqactions.html?

Hi there,

Thanks for reaching out to Adobe Community.

You can assign permissions to a particular user on a specific node under the AEM Security Console: http://localhost:4502/useradmin

[img]permissions.png[/img]

Thanks!

Hi Shekhar,

Buddy are you an automated bot or something? :)

Or are you just trolling me? :)

Do you even read questions before answering? :)

.cqactions is not a node, it is a REST endpoint that is used throughout CQ5 for various administrative actions.

Thanks dear bot!

Pretty sure Shekhar is not a bot as his answer was correct (although perhaps could have been more complete) :)

You wrote

In particular, I want a non-admin user to be allowed use .cqactions to assign permissions for a given path to a given user:

And the way you would do that is by granting the edit access control permission.

Justin

Hi Justin,

Looks like I have not phrased my question clearly. Let me try again. :)

As you know, there's this undocumented URL that we can send POST requests to inorder to perform various administrative activities:

    http://loclhost:4502/.cqactions.html

For example, in order to modify permissions for a given user (e.g. user1) for a given path (e.g. /), the admin user can POST the following request

    curl -u admin:admin --data "authorizableId=user1&changelog=path:/,read:true,modify:false,create:false,delete:false,acl_read:false,acl_edit:false,replicate:false" http://loclhost:4502/.cqactions.html

The admin user can make this POST request with no problem. However we want to avoid using the admin user as much as possible. As such, we have created this special user called deployer and we want to use the deployer to make this request. However if we perform the same POST request with this user, CQ5 responds with a 401 Unauthorized error:    

    curl -u deployer:pass --data "authorizableId=user1&changelog=path:/,read:true,modify:false,create:false,delete:false,acl_read:false,acl_edit:false,replicate:false" http://loclhost:4502/.cqactions.html

This is more or less similar to another issue we had recently: out of the box, only the admin user can login to http://loclhost:4502/system/console. In order to allow other users to login to /system/console, we have to configure an OSGi service (org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider)
and whitelist that user as well: http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manager.topic.html/forum__7rd3-hi_we_want_tocr.html

Is there a way we can configure CQ5 so that we can let users other than admin send POST requests to http://loclhost:4502/.cqactions.html?

By the way, if I died because of a heart attack or something, or I just lost my sanity all of a sudden, in my will I have mentioned that it is because of the AEM Help Forums. I have mentioned the only way I can be avenged is by finding the people who have developed the Help Forums and force them to use the forum 24 hours a day. :((((

The Eng team has improved the performance of the forums. They are working on making them even better.  The community will see improvements throughout 2015. 

Thanks Jorg. That worked.

Is there a way to let non-admin users see the list of installed packages under http://localhost:4503/crx/packmgr/index.jsp?

Hi,

it's the same approach: provide read access for these users to /etc/packages.

kind regards,
Jörg